RHSA-2006:0178 - Security Advisory

Synopsis

Type/Severity

Topic

Updated ImageMagick packages that fix two security issues are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Description

ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

A shell command injection flaw was found in ImageMagick's "display" command. It is possible to execute arbitrary commands by tricking a user into running "display" on a file with a specially crafted name. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-4601 to this issue.

A format string flaw was discovered in the way ImageMagick handles filenames. It may be possible to execute arbitrary commands by tricking a user into running a carefully crafted ImageMagick command. (CVE-2006-0082)

Users of ImageMagick should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.